/*
 * Copyright (C) 2020 Honeywell, Inc. All Rights Reserved.
 */
package org.thanos.iot.shiro;

import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.thanos.iot.entity.role.SysRole;
import org.thanos.iot.entity.user.SysUser;
import org.thanos.iot.entity.user.SysUserRole;
import org.thanos.iot.dao.menu.SysMenuMapper;
import org.thanos.iot.dao.role.SysRoleMapper;
import org.thanos.iot.dao.role.SysRoleMenuMapper;
import org.thanos.iot.dao.user.SysUserDao;
import org.thanos.iot.dao.user.SysUserRoleDao;

import java.util.*;

@Slf4j
public class ShiroRealm extends AuthorizingRealm {

    @Autowired
    private SysUserDao iotUserMapper;

    @Autowired
    private SysRoleMenuMapper iotRoleMenuMapper;

    @Autowired
    private SysMenuMapper iotMenuMapper;

    @Autowired
    private SysRoleMapper iotRoleMapper;

    @Autowired
    private SysUserRoleDao iotUserRoleMapper;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SysUser iotUser = (SysUser) SecurityUtils.getSubject().getPrincipal();
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        SysUserRole iotUserRole = iotUserRoleMapper.selectByUserId(iotUser.getId());
        SysRole iotRole = iotRoleMapper.selectByPrimaryKey(iotUserRole.getRoleId());
        if (Objects.nonNull(iotRole)) {
            // 获取用户角色集,用户权限集
            Set<String> roleSet = Collections.singleton(iotRole.getCode());
            List<Integer> menuIds = iotRoleMenuMapper.queryByRoleId(iotRole.getId());
            Set<String> permissionSet = new HashSet<>(iotMenuMapper.queryAllPermits(menuIds));
            simpleAuthorizationInfo.setRoles(roleSet);
            simpleAuthorizationInfo.setStringPermissions(permissionSet);
        }
        return simpleAuthorizationInfo;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        String loginId = String.valueOf(authenticationToken.getPrincipal());
        String password = new String((char[]) authenticationToken.getCredentials());

        SysUser iotUser = iotUserMapper.selectByLoginId(loginId, null);
        if (Objects.isNull(iotUser)) {
            throw new UnknownAccountException("用户不存在！");
        }
        if (!Objects.equals(password, iotUser.getPassword())) {
            throw new IncorrectCredentialsException("密码错误！");
        }
        if (Boolean.FALSE.equals(iotUser.getStatus())) {
            throw new ExpiredCredentialsException("账号已失效！");
        }
        return new SimpleAuthenticationInfo(iotUser, password, getName());
    }
}
